Artificial Intelligence is one of the mechanisms used in computer science for preventing cyber security incidents. Through AI, machine learning and threat intelligence, it becomes easy to recognize data patterns, which enables security systems to learn from previous experience (Xiao, 2019). It also reduces incident response time and helps in complying with the best security practices.
AI helps cyber security through threat hunting in a better way compared to the traditional methods. It works better when it is combined with the traditional methods. It assists in behavioral analysis and vulnerability management. This technology has made it easier to protect institutions from attacks even before they happen. AI has also helped pinpoint what should be improved in network security to ensure its effectiveness. On top of this, it has also helped in reducing the cost of hardware maintenance.
First, AI has minimized the viciousness of cyber-attacks. The technology has helped in recognizing the patterns of attacks and suspicious email attacks, and also in identifying the most vulnerable network endpoints. AI is helping in tackling repetitive error tasks and also in easier formulation of data reports that individuals can analyze to pick out how cyber-attacks are happening and therefore stop them. Through AI, there has been a reduced need to have cyber security workers since the technology is able to take care of most of the things that this category of staff can do (Xiao, 2019).
AI has made identity and access management security measures easier. It has led to the automation of several processes in companies. It has reduced the amount of manual labor that is needed to execute the goals of the security apparatus. The technology has made it easier to monitor and analyze user activities like mouse movements, typing and so on (Dasgupta, Collins & Mittu, 2021). It is effective in picking out behavior that is not normal in a cyber-security system.
Through AI, customer authentication has improved, from the point of creating an account to logins and interactions with service accounts. Through AI monitoring of activities that touch on security, institutions are able to assign risk scores to probable suspicious events rather than simply locking users out or terminating sessions midway. This approach brings improved efficiency and helps in zeroing in on threats.
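The risk-scoring approach described above can be sketched as follows. This is an added example, not code from the sources cited; the baseline data, signal weights and thresholds are all constructed assumptions, and a simple z-score stands in for a trained behavioural model.

```python
from statistics import mean, stdev

# Constructed baseline: past inter-keystroke intervals (ms), known devices and countries.
BASELINE = {
    "alice": {"key_ms": [182, 175, 190, 168, 185, 179, 188, 172],
              "devices": {"laptop-01"}, "countries": {"GB"}},
}

# Constructed sessions to score.
NORMAL = {"key_ms": [180, 177, 184], "device": "laptop-01", "country": "GB", "failed_logins": 0}
NEW_DEVICE = {"key_ms": [195, 200, 198], "device": "tablet-09", "country": "GB", "failed_logins": 0}
ANOMALOUS = {"key_ms": [95, 90, 100], "device": "unknown-pc", "country": "ZZ", "failed_logins": 3}

def keystroke_anomaly(history, observed):
    """|z-score| of the session's mean keystroke interval against the user's baseline."""
    mu, sigma = mean(history), stdev(history)
    return abs(mean(observed) - mu) / sigma if sigma else 0.0

def risk_score(user, session):
    """Combine behavioural and contextual signals into a 0-100 score (weights assumed)."""
    profile = BASELINE.get(user)
    if profile is None:
        return 100  # no baseline to compare against: treat as highest risk
    score = min(40, int(keystroke_anomaly(profile["key_ms"], session["key_ms"]) * 10))
    if session["device"] not in profile["devices"]:
        score += 30
    if session["country"] not in profile["countries"]:
        score += 20
    score += min(10, session["failed_logins"] * 5)
    return min(score, 100)

def decide(score):
    """Graduated response instead of an immediate lockout (thresholds assumed)."""
    if score < 30:
        return "allow"
    if score < 70:
        return "step_up_auth"
    return "terminate_session"

if __name__ == "__main__":
    for name, s in [("normal", NORMAL), ("new device", NEW_DEVICE), ("anomalous", ANOMALOUS)]:
        r = risk_score("alice", s)
        print(f"{name}: score={r} action={decide(r)}")
```

Only the highest-scoring session is terminated; the middle band triggers an extra authentication step, which is the efficiency gain the paragraph describes.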
AI has helped improve blockchain, especially given the rise of cryptocurrencies. Cryptocurrency transactions need to be kept secure and decentralized. In the medical field, blockchain helps in keeping records secure and in monitoring access to electronic records. These technologies need the input of AI. AI helps in reducing the need for time-consuming secure sockets and transport layer security methods which involve verification keys. Through AI it is possible to analyze data chains in bulk, making the process much faster and more secure.
The other trend in AI is seen in that it has helped in applying regulatory rules and requirements across complicated networks therefore making the process quicker and foolproof in comparison to manual search processes. As time goes by, more new regulations continue to be rolled out and it is only AI that can handle these data processes. AI will continue to help in monitoring and maintaining compliance.
There has been a rise in the use of cloud networks and with this, there is a need for more cloud security. Through AI, enhanced cyber security will continue to become easier by monitoring cloud data (Parisi, 2019). AI will help in monitoring and analyzing data across several environments, uncomplicating the process and safeguarding important data from going missing.
AI in Cyber Security
The WannaCry ransomware attack happened in May 2017. It targeted computers running the Microsoft Windows operating system by encrypting data and asking for ransom payments in Bitcoin (Ehrenfeld & SpringerLink, 2017). It affected computers that had not installed the Microsoft security update from March of 2017 and those that ran unsupported versions of Microsoft Windows like Windows XP or Windows Server 2003. These computers were exposed because they lacked current security patches: the last security updates released for Windows XP came in 2014 and for Windows Server 2003 in July 2015. The attack affected about 200,000 computers in 150 countries and caused damages amounting to billions of dollars. The most affected countries were Taiwan, Ukraine, Russia and India. The largest agency to suffer from the attack was the National Health Service hospitals in Scotland and England, where up to 70,000 devices were infected (Ehrenfeld & SpringerLink, 2017). The worm was eventually discovered to have originated from North Korea or agencies working for them.
A company needs to carry out enough assessment of trusts. An assessment that was done after the WannaCry attack by National Health Service hospitals in Scotland and England Digital found that out of the 236 trusts, 88 of them did not pass the obligatory cyber security principles (Ehrenfeld & SpringerLink, 2017). NHS trusts had not acted on crucial alerts from NHS Digital, and a caveat from the Department of Health was ignored. Also ignored was a memo from the Cabinet Office for institutions to migrate away from old and susceptible software.
There is a need for institutions to manage their computer firewalls and dedicate enough time and resources to fighting ransomware. There is also a need to focus on doing regular cyber security improvements and to have a response plan. With a response plan, institutions are able to ensure that crucial cyber security updates get done (Ehrenfeld & SpringerLink, 2017). As one observer noted, this attack could have been prevented by just following rudimentary IT security practices. It was also established that most institutional executives took cyber security as among their high risks and gave it priority. The problem came with a lack of planning at the local level. The Department of Health in England had a solid, developed plan, only that it was not communicated to the NHS trusts.
Investigations established that the WannaCry ransomware penetrated systems through a vulnerable and outdated Windows XP operating system which had not been supported by Microsoft since 2014 (Barker, 2020). This means that the majority of computers do not receive the latest patches which could help in preventing widespread infections. Thus IT infrastructure needs to be up to date at all times. There is a need to have a mechanism for handling such an attack, something like a ‘cyber handbook’ that describes the approach and actions to be taken when an attack of such a nature happens. This handbook would state the entity that is responsible for coordinating the system response. The book could stipulate the cyber response activities in depth, including, most importantly, the mechanisms of communication.
There is also a lack of on-site cyber assessments. There is a need for capital investment in areas like addressing weaknesses in infrastructure, for instance upgrading firewalls, enhancing network resilience and segmenting so that the risk can be lowered. There is also no mechanism for improving device security through device replacements and automation of patch management. Anti-virus protection also needs to be done often. The WannaCry attack could have been prevented if there was enough funding for supporting organizations that had self-assessed as being non-compliant so that they could strengthen their hardware and software across the system.
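The kind of automated patch and device assessment called for above can be illustrated with a small inventory audit. This is an added example, not taken from the cited sources; the host names, inventory rows and severity scale are constructed, and the patch baseline simply encodes the "March 2017" update mentioned in the text.

```python
from datetime import date

UNSUPPORTED_OS = {"Windows XP", "Windows Server 2003"}  # versions named in the text
PATCH_BASELINE = date(2017, 3, 1)  # "March 2017" update; day-of-month is an assumption

# Constructed inventory rows: (hostname, os, last_patched, on_segmented_network)
INVENTORY = [
    ("ward-pc-014", "Windows 7", date(2017, 1, 12), False),
    ("mri-ctl-02", "Windows XP", date(2014, 4, 8), False),
    ("files-01", "Windows Server 2003", date(2015, 7, 14), True),
    ("admin-pc-07", "Windows 10", date(2017, 4, 20), True),
]

def assess(os_name, last_patched, segmented):
    """Return (severity, action) for one host; the 0-3 severity scale is assumed."""
    if os_name in UNSUPPORTED_OS:
        # No vendor patches exist any more: isolate until the device is replaced.
        return (2 if segmented else 3, "isolate_and_replace")
    if last_patched < PATCH_BASELINE:
        # Supported OS that predates the baseline update: patch it.
        return (1 if segmented else 2, "patch_now")
    return (0, "ok")

def audit(inventory):
    """Return non-compliant hosts, highest severity first."""
    findings = []
    for host, os_name, last_patched, segmented in inventory:
        severity, action = assess(os_name, last_patched, segmented)
        if severity:
            findings.append({"host": host, "os": os_name,
                             "severity": severity, "action": action})
    return sorted(findings, key=lambda f: (-f["severity"], f["host"]))

def compliance_rate(inventory):
    """Fraction of hosts with no finding."""
    return (len(inventory) - len(audit(inventory))) / len(inventory)

if __name__ == "__main__":
    for finding in audit(INVENTORY):
        print(finding)
    print(f"compliant: {compliance_rate(INVENTORY):.0%}")
```

Segmentation lowers the severity but never clears a finding, reflecting the text's point that segmenting reduces risk while unsupported software still has to be removed or isolated.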
There is a need for enough investment in the cyber sector, mostly in the local infrastructure and the national systems, to help enhance monitoring and response. Institutions need to commit local revenue funding to support versions of software needed to deal with cyber security. There is a need for a mechanism for registering technical compliance and passing on technical information to help in preventive activities. The other thing that is lacking is an information governance toolkit. This spells out the data security standards which define the data and cyber security programs. The governance toolkit helps enhance the prevailing data security services, which go a long way toward preventing the escalation of ransomware. An adequate audit of systems and processes needs to be carried out regularly. Institutions need to work with other institutions to ensure that the necessary information is offered that could help in preventing the advancement of a cyber-attack. With the presence of ‘Good Practice Guides’ that are under regular monitoring and evaluation, an attack of WannaCry's nature can easily be stopped.
The presence of a Digital Data Security helpline that operates throughout the day and night makes it possible to have a call team, supported by a data security expert, that one can call if they notice a mishap (Bell, 2020).
The digitization programs in place should support cyber security. A mechanism of ensuring that suppliers make the information systems secure should be in place. The providers should be involved in the implementation of data security standards and there should be plans of removing and isolating any unsupported software. To prevent such an incident again, there needs to be leadership governing the entire process (Bell, 2020). The importance of cyber security needs to be communicated especially to staff. There is need to have a set of annual statements of requirements to the various boards and expectations set for every board that they should have a data security lead.
Barker, J. (2020). Confident Cyber Security: How to Get Started in Cyber Security and Futureproof Your Career.
Bell, G. J. (2020). The organizational resilience handbook: A practical guide to achieving
Ehrenfeld, J. M., & SpringerLink (Online service). (2017). WannaCry, Cybersecurity and Health Information Technology: A Time to Act. (Journal of medical systems.)
Maglaras, L., & In Kantzavelou, I. (2022). Cybersecurity issues in emerging technologies.
Wilson, D. (2021). Cybersecurity.